@pulumi/fastly
Version:
A Pulumi package for creating and managing fastly cloud resources.. Based on terraform-provider-fastly: version v4
390 lines • 12.6 kB
JavaScript
"use strict";
// *** WARNING: this file was generated by pulumi-language-nodejs. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.NgwafWorkspaceRule = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("./utilities");
/**
* Provides a Fastly Next-Gen WAF Workspace Rule, scoped to a specific NGWAF workspace.\
* These rules define conditions and actions that trigger WAF enforcement at the workspace level.
*
* ## Example Usage
*
* Basic usage:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as fastly from "@pulumi/fastly";
*
* const example = new fastly.NgwafWorkspace("example", {
* name: "example",
* description: "Test NGWAF Workspace",
* mode: "block",
* ipAnonymization: "hashed",
* clientIpHeaders: [
* "X-Forwarded-For",
* "X-Real-IP",
* ],
* defaultBlockingResponseCode: 429,
* attackSignalThresholds: {},
* });
* const exampleNgwafWorkspaceRule = new fastly.NgwafWorkspaceRule("example", {
* workspaceId: example.id,
* type: "request",
* description: "Block requests from specific IP to login path",
* enabled: true,
* requestLogging: "sampled",
* groupOperator: "all",
* actions: [{
* type: "block",
* }],
* conditions: [
* {
* field: "ip",
* operator: "equals",
* value: "192.0.2.1",
* },
* {
* field: "path",
* operator: "equals",
* value: "/login",
* },
* ],
* });
* ```
*
* Using templated signals:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as fastly from "@pulumi/fastly";
*
* const example = new fastly.NgwafWorkspace("example", {
* name: "example",
* description: "Test NGWAF Workspace",
* mode: "block",
* ipAnonymization: "hashed",
* clientIpHeaders: [
* "X-Forwarded-For",
* "X-Real-IP",
* ],
* defaultBlockingResponseCode: 429,
* attackSignalThresholds: {},
* });
* const exampleNgwafWorkspaceRule = new fastly.NgwafWorkspaceRule("example", {
* workspaceId: example.id,
* type: "request",
* description: "",
* enabled: true,
* groupOperator: "all",
* conditions: [
* {
* field: "method",
* operator: "equals",
* value: "POST",
* },
* {
* field: "path",
* operator: "equals",
* value: "/login",
* },
* ],
* actions: [{
* type: "templated_signal",
* signal: "LOGINATTEMPT",
* }],
* });
* ```
*
* Using group conditions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as fastly from "@pulumi/fastly";
*
* const example = new fastly.NgwafWorkspace("example", {
* name: "example",
* description: "Test NGWAF Workspace",
* mode: "block",
* ipAnonymization: "hashed",
* clientIpHeaders: [
* "X-Forwarded-For",
* "X-Real-IP",
* ],
* defaultBlockingResponseCode: 429,
* attackSignalThresholds: {},
* });
* const exampleNgwafWorkspaceRule = new fastly.NgwafWorkspaceRule("example", {
* workspaceId: example.id,
* type: "request",
* description: "Block requests with grouped conditions",
* enabled: true,
* requestLogging: "sampled",
* groupOperator: "all",
* actions: [{
* type: "block",
* }],
* groupConditions: [
* {
* groupOperator: "any",
* conditions: [
* {
* field: "protocol_version",
* operator: "equals",
* value: "HTTP/1.0",
* },
* {
* field: "method",
* operator: "equals",
* value: "HEAD",
* },
* {
* field: "domain",
* operator: "equals",
* value: "example.com",
* },
* ],
* },
* {
* groupOperator: "all",
* conditions: [
* {
* field: "country",
* operator: "equals",
* value: "AD",
* },
* {
* field: "method",
* operator: "equals",
* value: "POST",
* },
* ],
* },
* ],
* });
* ```
*
* Using multival conditions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as fastly from "@pulumi/fastly";
*
* const example = new fastly.NgwafWorkspace("example", {
* name: "example",
* description: "Test NGWAF Workspace",
* mode: "block",
* ipAnonymization: "hashed",
* clientIpHeaders: [
* "X-Forwarded-For",
* "X-Real-IP",
* ],
* defaultBlockingResponseCode: 429,
* attackSignalThresholds: {},
* });
* const exampleNgwafWorkspaceRule = new fastly.NgwafWorkspaceRule("example", {
* workspaceId: example.id,
* type: "request",
* description: "Block requests with specific header patterns",
* enabled: true,
* requestLogging: "sampled",
* groupOperator: "all",
* actions: [{
* type: "block",
* }],
* multivalConditions: [{
* field: "request_header",
* operator: "exists",
* groupOperator: "any",
* conditions: [
* {
* field: "name",
* operator: "does_not_equal",
* value: "Header-Sample",
* },
* {
* field: "name",
* operator: "contains",
* value: "X-API-Key",
* },
* {
* field: "value_string",
* operator: "equals",
* value: "application/json",
* },
* ],
* }],
* });
* ```
*
* Using rate limits:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as fastly from "@pulumi/fastly";
*
* const example = new fastly.NgwafWorkspace("example", {
* name: "example",
* description: "Test NGWAF Workspace",
* mode: "block",
* ipAnonymization: "hashed",
* clientIpHeaders: [
* "X-Forwarded-For",
* "X-Real-IP",
* ],
* defaultBlockingResponseCode: 429,
* attackSignalThresholds: {},
* });
* const demoSignal = new fastly.NgwafWorkspaceSignal("demo_signal", {
* workspaceId: example.id,
* name: "demo",
* description: "A description of my signal.",
* });
* const ipLimit = new fastly.NgwafWorkspaceRule("ip_limit", {
* workspaceId: example.id,
* type: "rate_limit",
* description: "Rate limit demo rule-updated",
* enabled: true,
* conditions: [{
* field: "ip",
* operator: "equals",
* value: "1.2.3.4",
* }],
* rateLimit: {
* signal: "site.demo",
* threshold: 100,
* interval: 60,
* duration: 300,
* clientIdentifiers: [{
* type: "ip",
* }],
* },
* actions: [{
* signal: "SUSPECTED-BOT",
* type: "block_signal",
* }],
* });
* ```
*
* Using signal exclusions:
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as fastly from "@pulumi/fastly";
*
* const example = new fastly.NgwafWorkspace("example", {
* name: "example",
* description: "Test NGWAF Workspace",
* mode: "block",
* ipAnonymization: "hashed",
* clientIpHeaders: [
* "X-Forwarded-For",
* "X-Real-IP",
* ],
* defaultBlockingResponseCode: 429,
* attackSignalThresholds: {},
* });
* const excludeXssSignal = new fastly.NgwafWorkspaceRule("exclude_xss_signal", {
* workspaceId: example.id,
* type: "signal",
* description: "Exclude XSS signal to address a false positive",
* enabled: true,
* groupOperator: "all",
* conditions: [{
* field: "path",
* operator: "like",
* value: "/contact-form",
* }],
* actions: [{
* type: "exclude_signal",
* signal: "XSS",
* }],
* });
* ```
*
* ## Import
*
* Fastly Next-Gen WAF workspace rules can be imported using the format `<workspaceID>/<ruleID>`, e.g.:
*
* ```sh
* $ pulumi import fastly:index/ngwafWorkspaceRule:NgwafWorkspaceRule demo <workspaceID>/<ruleID>
* ```
*/
class NgwafWorkspaceRule extends pulumi.CustomResource {
/**
* Get an existing NgwafWorkspaceRule resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name, id, state, opts) {
return new NgwafWorkspaceRule(name, state, { ...opts, id: id });
}
/**
* Returns true if the given object is an instance of NgwafWorkspaceRule. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj) {
if (obj === undefined || obj === null) {
return false;
}
return obj['__pulumiType'] === NgwafWorkspaceRule.__pulumiType;
}
constructor(name, argsOrState, opts) {
let resourceInputs = {};
opts = opts || {};
if (opts.id) {
const state = argsOrState;
resourceInputs["actions"] = state?.actions;
resourceInputs["conditions"] = state?.conditions;
resourceInputs["description"] = state?.description;
resourceInputs["enabled"] = state?.enabled;
resourceInputs["groupConditions"] = state?.groupConditions;
resourceInputs["groupOperator"] = state?.groupOperator;
resourceInputs["multivalConditions"] = state?.multivalConditions;
resourceInputs["rateLimit"] = state?.rateLimit;
resourceInputs["requestLogging"] = state?.requestLogging;
resourceInputs["type"] = state?.type;
resourceInputs["workspaceId"] = state?.workspaceId;
}
else {
const args = argsOrState;
if (args?.actions === undefined && !opts.urn) {
throw new Error("Missing required property 'actions'");
}
if (args?.description === undefined && !opts.urn) {
throw new Error("Missing required property 'description'");
}
if (args?.enabled === undefined && !opts.urn) {
throw new Error("Missing required property 'enabled'");
}
if (args?.type === undefined && !opts.urn) {
throw new Error("Missing required property 'type'");
}
if (args?.workspaceId === undefined && !opts.urn) {
throw new Error("Missing required property 'workspaceId'");
}
resourceInputs["actions"] = args?.actions;
resourceInputs["conditions"] = args?.conditions;
resourceInputs["description"] = args?.description;
resourceInputs["enabled"] = args?.enabled;
resourceInputs["groupConditions"] = args?.groupConditions;
resourceInputs["groupOperator"] = args?.groupOperator;
resourceInputs["multivalConditions"] = args?.multivalConditions;
resourceInputs["rateLimit"] = args?.rateLimit;
resourceInputs["requestLogging"] = args?.requestLogging;
resourceInputs["type"] = args?.type;
resourceInputs["workspaceId"] = args?.workspaceId;
}
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
super(NgwafWorkspaceRule.__pulumiType, name, resourceInputs, opts);
}
}
exports.NgwafWorkspaceRule = NgwafWorkspaceRule;
/** @internal */
NgwafWorkspaceRule.__pulumiType = 'fastly:index/ngwafWorkspaceRule:NgwafWorkspaceRule';
//# sourceMappingURL=ngwafWorkspaceRule.js.map